Cloud Security August 24, 2023

Lessons learned from the Microsoft Cloud breach

3 min read - In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other…

Cloud Security April 4, 2023

New generation of phishing hides behind trusted services

4 min read - The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion…

Application Security September 22, 2022

Does Follina mean it’s time to abandon Microsoft Office?

4 min read - As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility…

Banking & Finance April 19, 2022

Top Security Concerns When Accepting Crypto Payment

4 min read - From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses…

Government October 25, 2021

Nobelium espionage campaign persists, service providers in crosshairs

2 min read - In an advisory released on October 24, Microsoft announced ongoing campaigns it has attributed to the Nobelium state-sponsored threat group. IBM X-Force tracks this group as Hive099. If the name sounds familiar, that’s because it is the same group that…

News July 1, 2021

Malware Actors Have Begun Using AutoHotkey Scripts For Attacks

2 min read - Living-off-the-land attacks aren’t new. They’re tactics in which attackers misuse tools native to an infected device. They do this in an effort to not install any foreign files or tools as a means. That way, most security tech won’t notice…

News June 7, 2021

Fake Microsoft Store and Spotify Ads Lead to Ficker Malware

2 min read - People tend to be less guarded when they’re dealing with something familiar. Digital attackers know this, which explains why they set up malware behind ads pretending to be for Microsoft Store products and Spotify. Bleeping Computer learned from ESET that…

August 18, 2020

Phishers Grab Microsoft Credentials With Fake SharePoint Emails

3 min read - A new phishing attack begins with a scam email disguised as an automated message from Microsoft SharePoint, Abnormal Security observed on Monday, July 27. Those responsible for the attack do not address the email to any specific employee within the…

August 5, 2020

Users Beware: Spotting a Microsoft Renewal Scam

3 min read - A novel scam began when a user received an email impersonating a notification from Microsoft, Abnormal Security observed on Friday, July 17. The scam arrived after Microsoft had recently taken several steps to deter scammers. Security professionals should be aware of…

May 28, 2020

PonyFinal Ransomware Leverages Brute-Force Attacks to Access Networks

2 min read - Security researchers observed PonyFinal ransomware using brute-force attacks to access targeted organizations' networks.